package main

import (
	"testing"

	"system-altrak/internal/config"

	"github.com/gofiber/fiber/v2"
)

func TestBuildFiberConfigRequiresTrustedProxyConfig(t *testing.T) {
	_, err := buildFiberConfig(&config.Config{
		TrustProxy:  true,
		ProxyHeader: "X-Forwarded-For",
	})
	if err == nil {
		t.Fatal("expected error when trust proxy is enabled without trusted proxies")
	}
}

func TestBuildFiberConfigAppliesTrustedProxySettings(t *testing.T) {
	fiberConfig, err := buildFiberConfig(&config.Config{
		TrustProxy:         true,
		ProxyHeader:        "",
		TrustProxyProxies:  []string{"10.0.0.1", "10.0.0.0/24"},
		TrustProxyLoopback: true,
		EnableIPValidation: false,
	})
	if err != nil {
		t.Fatalf("buildFiberConfig returned error: %v", err)
	}

	if !fiberConfig.EnableTrustedProxyCheck {
		t.Fatal("expected trusted proxy check to be enabled")
	}
	if fiberConfig.ProxyHeader != fiber.HeaderXForwardedFor {
		t.Fatalf("expected default proxy header %q, got %q", fiber.HeaderXForwardedFor, fiberConfig.ProxyHeader)
	}
	if !fiberConfig.EnableIPValidation {
		t.Fatal("expected IP validation to be forced on when trust proxy is enabled")
	}
	expectedTrustedProxies := []string{
		"10.0.0.1",
		"10.0.0.0/24",
		"127.0.0.0/8",
		"::1/128",
	}
	if len(fiberConfig.TrustedProxies) != len(expectedTrustedProxies) {
		t.Fatalf("expected %d trusted proxies, got %d", len(expectedTrustedProxies), len(fiberConfig.TrustedProxies))
	}
	for index, expectedProxy := range expectedTrustedProxies {
		if fiberConfig.TrustedProxies[index] != expectedProxy {
			t.Fatalf("expected trusted proxy %d to be %q, got %q", index, expectedProxy, fiberConfig.TrustedProxies[index])
		}
	}
}

func TestBuildFiberConfigAllowsUnixSocketTrustProxyWithoutExplicitList(t *testing.T) {
	fiberConfig, err := buildFiberConfig(&config.Config{
		TrustProxy:           true,
		TrustProxyUnixSocket: true,
	})
	if err != nil {
		t.Fatalf("buildFiberConfig returned error: %v", err)
	}

	if !fiberConfig.EnableTrustedProxyCheck {
		t.Fatal("expected trusted proxy check to be enabled")
	}
	if !fiberConfig.EnableIPValidation {
		t.Fatal("expected IP validation to be forced on when trust proxy is enabled")
	}
	if len(fiberConfig.TrustedProxies) != 0 {
		t.Fatalf("expected no explicit trusted proxies, got %d", len(fiberConfig.TrustedProxies))
	}
}